// Copyright 2025 The Perses Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// NB: This file complements the oauth_go_gen.cue file generated by
// `cue get go` to add the missing constraints lost in the translation
// process. This should no longer be needed at some point hopefully, but for
// the moment, because of a technical limitation in the CUE translation
// process, a top-value (= "any") gets generated instead of a proper def for
// any type that defines a custom UnmarshallJSON or UnmarshallYAML.
// For more info see https://github.com/cue-lang/cue/issues/2466.

package secret

#OAuth: {
	// ClientID is the application's ID.
	clientID: #Hidden @go(ClientID)

	// ClientSecret is the application's secret.
	clientSecret:     #Hidden @go(ClientSecret)
	clientSecretFile: string  @go(ClientSecretFile)

	// TokenURL is the resource server's token endpoint
	// URL. This is a constant specific to each server.
	tokenURL: string @go(TokenURL)

	// Scope specifies optional requested permissions.
	scopes: [...string] @go(Scopes,[]string)

	// EndpointParams specifies additional parameters for requests to the token endpoint.
	endpointParams: {[string]: [...string]} @go(EndpointParams,map[string][]string)

	// AuthStyle optionally specifies how the endpoint wants the
	// client ID & client secret sent. The zero value means to
	// auto-detect.
	authStyle: int @go(AuthStyle)
}
